Archive for May, 2017

The malware ‘ransomware’ attack that hit the world on Friday, and may continue in a new form tomorrow (Monday, May 15, 2017), is not preventable, but the damage might have been a lot less if those in charge of institutional computer networks did their jobs properly.

This malware, which was reportedly stolen from the U.S. National Security Administration, attacks a vulnerability in the no longer supported Microsoft XP operating system (O/S). Even though Microsoft offers a patch for the vulnerability, Microsoft has little or no ability to promote that patch to continuing users of an unsupported O/S, and certainly not to the zillions of pirated copies of the XP O/S.

Thus, if you are a CIO (Chief Information Officer) or other official in charge of institutional computers, what in the heck are you doing running the XP O/S, and most especially what are you thinking in not doing everything possible to protect it while moving at full speed to get off of it?

Here’s what the New York Times reported today (May 14, 2017) about the lack of proactive protection despite warnings in Britain’s National Health Service (N.H.S.):

Britain’s defense minister, Michael Fallon, told the BBC on Sunday that the government was spending about 50 million pounds, about $64 million, to improve cybersecurity at the National Health Service, where many computers still run the outdated Windows XP software, which Microsoft had stopped supporting.

A government regulator warned [my emphasis] the N.H.S. last July that updating antiquated hardware and software was “a matter of urgency,” and noted that one hospital had already had to pay £700,000, about $900,000, to repair a breach that began after an employee clicked on a web link in an unsafe email.

“The threat from cyber attacks has not only put patient information at risk of loss or compromise but also jeopardizes access to critical patient record systems by clinicians,” the regulator, the Care Quality Commission, wrote in its report.

There should be consequences to those in charge of these institutional computers. This should have been a less destructive incident – especially since the attack did not go against the Windows 10 O/S, which has been on the market for almost 2 years. I think this should have been “Your System: Not Guilty as Charged.”